Water Facilities Warned to Improve Cybersecurity as Nation-State Hackers Pounce

On April 19th, the Wall Street Journal published an article detailing new plans in Congress to pass a bill mandating new cybersecurity standards and protections for water systems throughout the country. In this bill, water facility managers must work with the Environmental Protection Agency to implement new security measures. In the past, this effort has been pushed back by the American Water Works Association, stating that this effort would be too costly for the facilities. However, new threats by nation-states can compromise the water infrastructure. Not limited to water systems, the time for detection of nefarious behavior within a system can be an extended period, resulting in more catastrophic failure once an attack is sufficiently organized. Regarding the water facilities, the FBI found and dissuaded Chinese hackers infiltrating American water systems, some remaining for five years. The FBI Director, Christopher Wray, mentions that “hackers targeting water facilities and other infrastructure are preparing to destroy or damage their systems.”
The water facilities in the United States are amongst the most crucial for the country. Their daily operations can be compromised through hacking, potentially affecting many Americans. While many of the water facility managers quote the high cost of implementing these systems as a barrier, clear penetrations by China, Iran, and other nation-states demonstrate that this is a genuine and clear concern that needs to be addressed. Due to the old infrastructure of most of these water systems, they are extremely vulnerable to attack and require upgrades. This process of upgrading will likely be long and legal, but critical for the safety and maintenance of the United States’ foundational infrastructure.